X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-lf0-f67.google.com (mail-lf0-f67.google.com [209.85.215.67]) by lists.alpinelinux.org (Postfix) with ESMTP id 97FC95C423B for ; Wed, 1 Feb 2017 09:15:56 +0000 (GMT) Received: by mail-lf0-f67.google.com with SMTP id h65so35767617lfi.3 for ; Wed, 01 Feb 2017 01:15:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=z+sdUnmpHzLukXozG1Nkh9fw3JakRhp+9O6f2tUIZeI=; b=PBpg5VdgZPMBIH/ZXkAvpuo3TUZ6MPLCkRECzYauM1ioeQn7FFZsOriO7Zkeuxtetf J56tvsnDOYhks0SzoU75HsKZT13vLKSep98AV0A8XZpWnBCnrZqbcoOW5ieush9SLLPj SMfkjfjf2Ao068TTdkL8/LGBTQY5zTBADBNtZ58U7A0C6JGMuSRnyYNZENiTJjUQoXRi UmhGzqL+IDMunleNkan9xi5/UBR+Nto/j4nfWlt3lulkoTf+090RoqJ2sBuyrvwycGFh WOiAdlZYPGaKtUMUbvzD8aOBzWBrjbNh9P7FfoSCsevmBGlLr4r2Z8/arugpzISpLwan TMsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=z+sdUnmpHzLukXozG1Nkh9fw3JakRhp+9O6f2tUIZeI=; b=Q5/GBvD5kt00cwaIL8il9PP8uI2GM4OZHu2MBpMLI3inwPFg688U+aQ7aqdj0Nw+G5 pRDuGbGUjm0+h4dE488VW2pOKm0fzC0yUwrIYDmtDziXHw0gixTUK9z+XtSeO2dLrx6k yl4+E1/ux1C1kNrxk03u7sR+m47usjNCvESMeFE0ngb1EeRXccD7nM/vWYivZA1HNAtQ 5eILDfU1Hv4WxTeqgN7pK5+omepbvfpipKJ38fzurRLVmiSP1Ej6b8lmV81a6wagOXFA ppU7VHzIjNjmDimv8J89sGrXoMJP5m+T2BlselgOWokfHEhkc86RgKmFiV1fm95smeHZ dT/A== X-Gm-Message-State: AIkVDXLhj5UDW6DopuUv4AHUhiSAqvPIb0fSBMbUDJmGwauuLylMwezjFDylx6TG/BdoJQ== X-Received: by 10.25.16.77 with SMTP id f74mr455548lfi.81.1485940555484; Wed, 01 Feb 2017 01:15:55 -0800 (PST) Received: from v3-5.util.wtbts.net ([83.145.235.199]) by smtp.gmail.com with ESMTPSA id x75sm5555290lfi.16.2017.02.01.01.15.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Feb 2017 01:15:54 -0800 (PST) From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH v3.5] main/libarchive: security fixes #6791 Date: Wed, 1 Feb 2017 09:15:48 +0000 Message-Id: <20170201091548.24837-1-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.11.0 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2017-5601: Out of bounds read in lha_read_file_header_1() function --- main/libarchive/APKBUILD | 21 ++++++++++++++++----- main/libarchive/CVE-2017-5601.patch | 24 ++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 main/libarchive/CVE-2017-5601.patch diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD index 69191829b5..d976f795ab 100644 --- a/main/libarchive/APKBUILD +++ b/main/libarchive/APKBUILD @@ -1,7 +1,8 @@ +# Contributor: Sergei Lukin # Maintainer: Natanael Copa pkgname=libarchive pkgver=3.2.2 -pkgrel=0 +pkgrel=1 pkgdesc="library that can create and read several streaming archive formats" url="http://libarchive.org/" arch="all" @@ -10,7 +11,14 @@ depends="" depends_dev="zlib-dev bzip2-dev xz-dev acl-dev libressl-dev expat-dev" makedepends="$depends_dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-tools" -source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz" +source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz + CVE-2017-5601.patch + " + +# secfixes: +# 3.2.2-r1: +# - CVE-2017-5601.patch + builddir="$srcdir/$pkgname-$pkgver" build () { @@ -36,6 +44,9 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -md5sums="1ec00b7dcaf969dd2a5712f85f23c764 libarchive-3.2.2.tar.gz" -sha256sums="691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f libarchive-3.2.2.tar.gz" -sha512sums="a67920c37d49cf9478032d77fc4fa21827cebb96e9b83d9ecb8466328834052e4ab3d3a9bc4e2edf405d6cb14ffd648c9fa100b578257f6e5842c99bbea558a7 libarchive-3.2.2.tar.gz" +md5sums="1ec00b7dcaf969dd2a5712f85f23c764 libarchive-3.2.2.tar.gz +165d8eb95d6083dfd3e8f2453a644497 CVE-2017-5601.patch" +sha256sums="691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f libarchive-3.2.2.tar.gz +572abfaf0e252f855a500bfc17eb711f26be6e94133a8e3bbf929e49b0450533 CVE-2017-5601.patch" +sha512sums="a67920c37d49cf9478032d77fc4fa21827cebb96e9b83d9ecb8466328834052e4ab3d3a9bc4e2edf405d6cb14ffd648c9fa100b578257f6e5842c99bbea558a7 libarchive-3.2.2.tar.gz +c450b0a9eb952b292d3749acd7041b59a0fa72b8f5a284ceaab6665a95336a5b39182addd59628661caf911a6461726ebe1c85c7d39b7d9da84ed6f736ef3e6e CVE-2017-5601.patch" diff --git a/main/libarchive/CVE-2017-5601.patch b/main/libarchive/CVE-2017-5601.patch new file mode 100644 index 0000000000..44d5e1779f --- /dev/null +++ b/main/libarchive/CVE-2017-5601.patch @@ -0,0 +1,24 @@ +Source: +https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 + +commit 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 +Author: Martin Matuska +Date: Thu Jan 19 22:00:18 2017 +0100 + + Fail with negative lha->compsize in lha_read_file_header_1() + Fixes a heap buffer overflow reported in Secunia SA74169 + +diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c +index 52a5531b..d77a7c2e 100644 +--- a/libarchive/archive_read_support_format_lha.c ++++ b/libarchive/archive_read_support_format_lha.c +@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha) + /* Get a real compressed file size. */ + lha->compsize -= extdsize - 2; + ++ if (lha->compsize < 0) ++ goto invalid; /* Invalid compressed file size */ ++ + if (sum_calculated != headersum) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, + "LHa header sum error"); -- 2.11.0 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---